[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Secure Internet-based Electronic Commerce: The View from Outside the US



[email protected] wrote ...
> I've just made a draft copy of this paper available for comment as 
> http://www.cs.auckland.ac.nz/~pgut01/paper.htm, a copy of the introduction is 
> given below.  The whole thing is around 170K long (40 A4 pages when printed).
> If anyone has any comments to make on it, please let me know.
>  
> Peter.

1) "...the number of security problems inherent in SMTP are legendary"

Incorrect. SMTP is safe. 
Some (most?) implementations of SMTP have not been safe.
There is a big distinction between the protocol and its implementation.

2) "C2...now being applied to networked single-user systems over
   multiple windows (which may require different security levels)"

I'm not aware of anyone doing that - doesn't mean it's not happening -
just seems an unusual configuration.

Other than these nits seems a v. thoroughly researched paper.

> Introduction
> ------------
>  
> [...]
>  
> Because of well-publicized break-ins there has been a steadily increasing 
> demand for encryption and related security measures to be included in software 
> products.  Unfortunately these measures often consist either of "voodoo 
> security" techniques where security is treated as a marketing checkbox only, 
> or are rendered ineffective by the US governments refusal to allow 
> non-americans access to the same security measures which it allows its own 
> citizens. Organisations employing such (in)security systems may make 
> themselves liable for damages or losses incurred when they are compromised.  
> This paper covers the issues of using weak, US government-approved security as 
> well as problems with flawed security measures, examines some of the measures 
> necessary to provide an adequate level of security, and then suggests several 
> possible solutions.

In general you equare security with cryptography - which is fine - 
but there are other tools that you need to use in addition to cryptography
to secure a system and network.

-- 
Nicolas Hammond                                 NJH Security Consulting, Inc.
[email protected]                                    211 East Wesley Road
404 262 1633                                    Atlanta
404 812 1984 (Fax)                              GA 30305-3774